Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: pe/cert-rd/xxx.key
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:270)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:225)
at com.sd.srm.mes.core.config.GrpcConfig.buildSslContext(GrpcConfig.java:78)
at com.sd.srm.mes.core.config.GrpcConfig.buildManagedChannel(GrpcConfig.java:47)
at com.sd.srm.mes.core.config.GrpcConfig.buildStu(GrpcConfig.java:65)
at com.sd.srm.mes.core.config.GrpcConfig$$EnhancerBySpringCGLIB$$48d85394.CGLIB$buildStu$1(<generated>)
at com.sd.srm.mes.core.config.GrpcConfig$$EnhancerBySpringCGLIB$$48d85394$$FastClassBySpringCGLIB$$a7429e0a.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
at com.sd.srm.mes.core.config.GrpcConfig$$EnhancerBySpringCGLIB$$48d85394.buildStu(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
... 29 common frames omitted
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.va.lang.IllegalArgu
mentException: File does not contain valid private key:ZZgetPrivateKeyFromByteBuffer(SslContext.java:1082)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1051)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:268)
... 43 common frames omitted
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1080)
... 45 common frames omitted
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:74)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 47 common frames omitted
背景
与同事联调接口需要加入证书,在开发、测试环境一切正常,当切换证书,发到预发布环境时却出现的上述的错误:File does not contain valid private key,当时一脸懵逼。去跟同事沟通,同事说他给的证书没有问题,我这边也没有动过代码,唯一的变化点就是证书所以问题肯定还是出现在证书上面。
问题定位
既然都说自己没问题,没办法只能去查阅相关资料,得到异常确实跟证书有关,而且错误日志也很明确的打印了:at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351),采用PKCS8无法解析证书。这是因为我们的客户端使用的是netty,netty默认使用PKCS8格式对证书进行解析,然而服务端给我们的证书是PKCS1格式的,所以客户端采用PKCS8无法对证书进行解析。
问题处理
对证书进行格式转行,将PKCS1格式转换成PKCS8即可。
执行如下命令,即可完成证书格式转换。
openssl pkcs8 -topk8 -inform PEM -in xxx.key -outform pem -nocrypt -out xxx8.key
证书格式区别:
- PKCS1的文件头格式 -----BEGIN RSA PRIVATE KEY-----
- PKCS8的文件头格式 -----BEGIN PRIVATE KEY-----
问题总结
当程序异常时最直接有效的方式还是:仔细阅读日志、仔细阅读日志、仔细阅读日志,因为上述的问题在日志:sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351),中已经很好的体现了,只是因为平时对OpenSSL RSA加密接触的比较少,所以第一时间还是去百度了,其实上述问题只要你对RSA加密和OpenSSL有一点了解,并能很直观的看到问题的所以然。
|